In today's digital environment, protecting user information and user resources from unauthorized access is increasingly important. Accordingly, different ways of verifying that a user “is who they say they are” have been developed. Such processes and techniques are typically referred to as user authentication. Authentication is utilized in a myriad of different scenarios, and particularly for controlling access to network-based (e.g., web-based) resources.
In a common scenario, a user profile is generated for a user that enables the user to access a particular network resource. The user profile is associated with a user identifier (e.g., a username) that differentiates the user from other users. The user profile is also typically associated with some form of authentication factor (e.g., a password) that the user provides to verify the identity of the user and enable the user to access the network resource.
While a network resource may utilize its own particular authentication procedure, network resources often leverage third-party authentication providers to authenticate users. For instance, one website may enable a user to login via a user profile created for and managed by another, different website. Various protocols exist for enabling third-party authentication, such as OAuth, OpenID, and so forth.
While utilizing third-party authentication providers is a convenient way to authenticate users, it also presents some implementation challenges. For instance, consider a scenario where a particular network resource utilizes multiple third-party authentication providers. While a particular user identifier may be unique at a single third-party authentication provider, it may be duplicated across multiple third-party authentication providers. Further, the same user identifier may be associated one user at one third-party authentication provider, and with a different user at a different third-party authentication provider. Such user identifier collisions can cause problems for network resources that use multiple third-party authentication providers.